
How can I disable cache for http headers?

I am reading about HTTP basic authentication. On the MDN website, it says:

Because BA header has to be sent with each HTTP request, the web browser needs to cache the credentials for a reasonable period to avoid constant prompting user for the username and password. Caching policy differs between browsers. Microsoft Internet Explorer by default caches them for 15 minutes.

However, after I told the Chrome Postman to send a request without a cached header, I still noticed the presence of an authorization field when I logged traffic at the server side:

{ host: 'localhost:3000',
  connection: 'keep-alive',
  authorization: 'Basic YWRtaW46cGFzc3dvcmQ=',   // why?
  'user-agent': 'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36',
  'cache-control': 'no-cache',
  'postman-token': '7e458c2d-b11b-026d-809b-68a7cf3d5a37',
  ....

Then I also tried using just Google Chrome, but I again saw an authorization field:

{ host: 'localhost:3000',
  connection: 'keep-alive',
  pragma: 'no-cache',
  'cache-control': 'no-cache',
  authorization: 'Basic YWRtaW46cGFzc3dvcmQ=', // again
  ....

Question 1: I disabled cache for both Chrome (I couldn't find the no-cached option, so I just selected "disable cache" in the Chrome debugger) and Postman (which has an option for "no-cached header"), but they still included the authentication header... why? How can I prevent them from doing this?

Question 2: The same thing happened when I tried to make the client not send back the Cookie; I even used the clear cookie functionality in Chrome history... but I still see its presence in the request header. I assume each header field is cached differently, so how can I manage the cookies?

Opening an incognito window will make the browser forget about the authorization and cookie... but only once: subsequent tabs will have these headers.

I noticed the same thing; it's frustrating. But you can click the 'Disable Cache' option in the Chrome Network inspector and it will/should remove it (in my case I just needed it to update the cache with a new Auth header).

This is concerning though, because if a user logs into an app and the token expires, the app could refresh it and serve the new token to the HTTP client, but Chrome will automatically overwrite it with the expired token...
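
An added example, not part of the original thread: a Node.js sketch of the server side of the exchange logged in the question, showing that the request's `cache-control: no-cache` has no bearing on the `authorization` header, and that the server refuses stale credentials with a 401 challenge. The function names, the realm and the validator callbacks are assumptions made for illustration.

```javascript
'use strict';
// Added example, not code from the thread. Function names and the realm are assumptions.

// Split an "Authorization: Basic <base64>" value into user and password.
// Returns null for a missing, non-Basic or malformed header.
function parseBasicAuth(value) {
  if (typeof value !== 'string') return null;
  const m = /^Basic +([A-Za-z0-9+\/]+={0,2})$/i.exec(value.trim());
  if (!m) return null;
  const decoded = Buffer.from(m[1], 'base64').toString('utf8');
  const sep = decoded.indexOf(':'); // only the first colon separates the fields
  if (sep < 0) return null;
  return { user: decoded.slice(0, sep), pass: decoded.slice(sep + 1) };
}

// Decide how to answer a request. isValid is a caller-supplied check (assumption).
// Request Cache-Control / Pragma are deliberately not consulted: they govern
// cached responses, not the credentials the client chooses to attach.
function decide(headers, isValid) {
  const creds = parseBasicAuth(headers.authorization);
  if (!creds || !isValid(creds)) {
    // 401 plus a challenge tells the client these credentials were refused.
    return {
      status: 401,
      headers: { 'WWW-Authenticate': 'Basic realm="example"', 'Cache-Control': 'no-store' },
    };
  }
  return { status: 200, headers: { 'Cache-Control': 'no-store' }, user: creds.user };
}

// Constructed sample based on the headers logged in the question.
const sample = {
  host: 'localhost:3000',
  'cache-control': 'no-cache',
  authorization: 'Basic YWRtaW46cGFzc3dvcmQ=',
};

// Same request, judged before and after the password is changed server-side.
function demo() {
  const accepted = decide(sample, (c) => c.user === 'admin' && c.pass === 'password');
  const rotated = decide(sample, (c) => c.user === 'admin' && c.pass === 'new-secret');
  return { accepted: accepted.status, rotated: rotated.status };
}

console.log(parseBasicAuth(sample.authorization), demo());
```

The value in the logged header is only base64, so anything that records request headers (as the server-side logging in the question does) is recording the username and password in recoverable form.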
